tags:

views:

21

answers:

2
+1  Q: 

X509: What's the difference between digital signature and non-repudiation

Hello,

I have to deal with certificates issued by the Swiss post office on USB tokens. There deliver two certificates on the same token. In their intended usage fields, one has "non repudiation" and the other "digital signature".

Now, I can't understand what the practical difference between the two are: I've always seen both in the same certificate, never two certs for the same identity each with one of the roles. In fact, I can't imagine a scenario where non-repudiation and digital signature aren't the same, for all practical matter, the same thing.

Could anyone explain to me what the difference is, please ? And if you had a suggestion about in what situation one should be picked over the other, that would help as well.s

+1  A: 

Interesting question, and your thoughts match my own.

I've found a reference at IBM here about key usage, but I still can't really get my head around the distinction.

The best that I can phrase my understanding having read the article is that a non-repudiation usage means "I really meant to sign this, and I really understand the implications of signing this."

Sorry this isn't a complete answer, but I hope it helps.

Neil Moss  2010-08-12 13:57:12
Thanks for the link. It point in the same direction as what I suspected: Non-repudiation is a limited subset of digital signature.
Stephane  2010-08-13 09:22:20
A: 

I talk to the guy who implemented it and, apparently, they intended the "non-repudiation" cert for /really/ signing documents and the "digital signature" one to be used for authentication.

Stephane  2010-08-13 09:24:01

related questions

Check signature for x509 certificate
Invoke Windows Certificate Export Wizard .NET
Streaming api for reading/writing certification revocation list in java
Custom extensions in System.Security.Cryptography.X509Certificates
Is there a standard way to run a x509 key server?
How to extract CN from X509Certificate in Java?
Reading a certificate signing request with c#
How to get the Signature of a Self-Signed Certificate using X509Certificate or other .NET Class?
PKCS#7 Signed Code Image extracting
Where to store X509 certificate for Windows service?
How to generate CA signed x509 certificate by M2Crypto
How do I use m2crypto to validate a X509 certificate chain in a non-SSL setting
Parsing X509 DSS Certificate to get P, Q, G and Y
Windows asks for p12 password when installing p12 key generated by openssl
Revoke client X509 certificate
Obtaining a signed x509 when using ECDSA keys
C# WCF client configuration for X509 secured web service over https
Implementation of Message Level Security using X509 certificates in DotNet
Get client certificate for page registration
iPhone web service calls to WCF Service with Certificate Authentication
m2crypto custom certificate verification
Java: Invalid keystore format, when generated through code
How to do asymmetric encryption with X509 certificates and C#?
Using HTTPS with REST in Java
Delphi 7 access Windows X509 Certificate Store